Implement A Security Plan For Your Business

First, What is a Security Plan?

A Security Plan (also called a System Security Plan) documents the controls that have been selected to mitigate the risks to a system. Which controls are selected is determined by a Risk Analysis.

To assist with the process, NIST (the National Institute of Standards and Technology) publishes a catalog of security controls (SP 800-53), the Cybersecurity Framework (originally the Framework for Improving Critical Infrastructure Cybersecurity) and a guide with a security plan template (SP 800-18). Businesses may use these as an outline when creating their own Security Plan.

How Do You Implement Your Security Plan?

1. Take an inventory of your physical and information assets (what are you protecting?).
2. Perform a risk assessment to determine what level of security each information asset needs.
3. Complete the checklist to identify your security strengths and weaknesses.
4. Complete an evaluation: review your findings and discuss recommendations to correct deficiencies and/or improve security with departmental administration and IT staff.
5. Develop a security plan with target dates for implementation.
6. Set deadlines / completion dates for each item in the plan.
7. Project management: monitor the process from start to finish.
8. Evaluate upon completion.
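As an added example (not code from the original article), the following Python script shows one way to keep steps 1, 2, 5, 6 and 8 in a single machine-readable record: a small risk register that ties each asset to a threat, a likelihood/impact rating, the selected control and its target date, then prioritizes the items, flags overdue ones and summarizes progress for the final evaluation. The assets, threats, controls and dates are constructed for illustration, and the 1-3 scoring scale and its thresholds are an assumption of this example, not something NIST prescribes.

```python
"""Minimal risk register for a departmental security plan.

Added example, not from the original article. All assets, threats,
controls and dates below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date

# Assumed 1-3 scale: risk score = likelihood * impact (1..9).
LEVELS = {"low": 1, "medium": 2, "high": 3}
ASSET_KINDS = ("physical", "information")


@dataclass(frozen=True)
class Asset:
    """Step 1: something we are protecting, and the role accountable for it."""
    name: str
    kind: str    # "physical" or "information"
    owner: str   # e.g. "IT Staff", "Systems Administrator"


@dataclass
class Risk:
    """One line of the plan: asset, threat, rating, chosen control, deadline."""
    asset: Asset
    threat: str
    likelihood: str
    impact: str
    control: str      # the mitigation selected by the risk analysis
    target: date      # steps 5/6: implementation deadline
    done: bool = False

    def __post_init__(self) -> None:
        # Reject typos early: an unrated risk silently sorts to the bottom otherwise.
        for level in (self.likelihood, self.impact):
            if level not in LEVELS:
                raise ValueError(f"unknown level {level!r}; use one of {sorted(LEVELS)}")
        if self.asset.kind not in ASSET_KINDS:
            raise ValueError(f"unknown asset kind {self.asset.kind!r}")

    def score(self) -> int:
        return LEVELS[self.likelihood] * LEVELS[self.impact]


def required_level(score: int) -> str:
    """Step 2: map a risk score to the protection level the asset needs (assumed thresholds)."""
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def prioritize(risks: list[Risk]) -> list[Risk]:
    """Highest score first; earliest deadline breaks ties."""
    return sorted(risks, key=lambda r: (-r.score(), r.target, r.asset.name))


def overdue(risks: list[Risk], today: date) -> list[Risk]:
    """Step 7: open items whose completion date has passed."""
    return [r for r in risks if not r.done and r.target < today]


def evaluate(risks: list[Risk], today: date) -> dict:
    """Step 8: summary for the completion review."""
    open_items = [r for r in risks if not r.done]
    return {
        "total": len(risks),
        "open": len(open_items),
        "overdue": len(overdue(risks, today)),
        "highest_open": max((r.score() for r in open_items), default=0),
    }


def plan_lines(risks: list[Risk]) -> list[str]:
    """Render the prioritized plan as text for the review meeting."""
    return [
        f"{r.target.isoformat()}  {required_level(r.score()):6}  "
        f"{'done' if r.done else 'open':4}  {r.asset.name}: {r.threat} -> {r.control}"
        for r in prioritize(risks)
    ]


# Constructed sample inventory and risks.
FILE_SERVER = Asset("file server", "information", "Systems Administrator")
HR_DB = Asset("HR database", "information", "Systems Administrator")
SERVER_ROOM = Asset("server room", "physical", "IT Staff")
REVIEW_DATE = date(2024, 3, 1)

SAMPLE_RISKS = [
    Risk(HR_DB, "credential theft via phishing", "high", "high",
         "multi-factor authentication on all HR database logins", date(2024, 3, 31)),
    Risk(FILE_SERVER, "ransomware", "medium", "high",
         "offline backups, restore tested quarterly", date(2024, 4, 30)),
    Risk(SERVER_ROOM, "unauthorised physical entry", "low", "medium",
         "badge-controlled door with access log", date(2024, 2, 15), done=True),
    Risk(FILE_SERVER, "unpatched operating system", "medium", "medium",
         "monthly patch window with change record", date(2024, 1, 31)),
]

if __name__ == "__main__":
    print("\n".join(plan_lines(SAMPLE_RISKS)))
    print(evaluate(SAMPLE_RISKS, REVIEW_DATE))
```

Run as-is it prints the plan sorted by risk, with the overdue patching item visible as open and past its date; swapping in your own inventory is a matter of replacing the constructed sample lists.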

Responsibilities for a Departmental Security Plan

Inventory – IT Staff

Risk Assessment – Systems Administrator

Checklist – Systems Administrator

Evaluation – Systems Administrator

Plan – IT Staff & Systems Administrator

What does a simple IT security plan schedule look like?

Example tasks:

Draft Security Plan

Submit the plan for review by other managers or by the outsourced IT company handling this process.